ISO22301 (ISO 22301) Business Continuity Standard

ISO/IEC 22301:2012 sets out the requirements for a business continuity management system (BCMS) and is considered the only credible framework for effective business continuity management in the world.

By creating a BCMS aligned with ISO 22301, organisations are best prepared for a disruptive incident.

Effective business continuity management means an organisation can resume operations and return to ‘business as usual’ as quickly as possible after a disruptive incident (for example, a cyber attack or power failure).

An ISO 22301-aligned BCMS will include disaster recovery plans that focus on the recovery of specific operations, functions, sites, services or applications.

What is a business continuity management system (BCMS)?

A BCMS is a comprehensive approach to organisational resilience. It enables organisations to update, control and deploy effective plans, taking into account organisational contingencies and capabilities, as well as business needs (product and service requirements).

A BCMS helps the business to cope with incidents affecting all of the organisation’s business-critical processes and activities, from the failure of a single server to the complete loss of a major facility.

What is the difference between business continuity management and disaster recovery?

Disaster recovery management (DRM) usually takes place within the context of business continuity management. Disaster recovery plans are often relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. Best practice for disaster recovery is also set out in ISO/IEC 22301.

Business continuity management makes sure that a business can continue to function while recovering from the disaster. DRM, meanwhile, is a process of returning a business or organisation to a state of normality after a disastrous event. This will ordinarily incorporate business continuity, but the focus is on total recovery.

What is the difference between a business continuity plan and a BCMS?

A BCMS is a comprehensive approach to organisational resilience. It allows organisations to update, control and deploy effective plans, taking into account organisational contingencies, capabilities and business needs (product and service requirements).

| BCMS | Business Continuity Plan |
| --- | --- |
| Based on analysis | Based on guesswork |
| Regularly tested | Untested |
| Requires regular review and management | Can become outdated |
| Awareness organisation-wide, embedded in the culture and deployed throughout the business | Lack of organisational awareness, deployed in a limited division of the organisation and not part of the culture |

What are the benefits of business continuity management and ISO 22301?

Optimally recover from a potentially damaging and disruptive incident.

Protect your organisation’s turnover, profits and reputation through improved resilience and preparedness.

Achieve regulatory and governance requirements where business continuity management is a necessity.

Reduce the cost of business interruption insurance cover based on actual analysis of your organisational risk exposure.

Receive independently audited assurance that your business has established the necessary measures to respond to a potential disaster.